Daniel Wetherill

**Name of the Vulnerable Software and Affected Versions** Mitel MiVoice Connect versions prior to 19.1 SP1 **Description** A remote code execution issue exists due to insufficient validation of URL parameters in the UCB component. This could allow an unauthenticated remote attacker to execute arbitrary scripts, potentially gaining access to sensitive information. **Recommendations** For versions prior to 19.1 SP1, update to version 19.1 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the UCB component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mitel MiVoice Connect Client versions prior to 214.100.1214.0 **Description** A weak encryption issue could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. **Recommendations** For versions prior to 214.100.1214.0, update to version 214.100.1214.0 or later to resolve the issue.